[13001] in bugtraq
Re: [lucid@TERRA.NEBULA.ORG: qpop3.0b20 and below - notes and
daemon@ATHENA.MIT.EDU (Richard Trott)
Thu Dec 16 20:58:37 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.10.9912161159570.29869-100000@synapse.ckm.ucsf.edu>
Date: Thu, 16 Dec 1999 12:01:41 -0800
Reply-To: Richard Trott <trott@LIBRARY.UCSF.EDU>
From: Richard Trott <trott@LIBRARY.UCSF.EDU>
X-To: Qpopper Support <qpopper@QUALCOMM.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <v04220823b46b683799c3@129.46.219.80>
Where these buffer overflows and "other uses of '%s'" that were
repaired only in qpopper 3.x? Are those of us running 2.53 not affected?
Or do we need to upgrade?
Rich
On Wed, 1 Dec 1999, Qpopper Support wrote:
> All reported buffer overruns are fixed in qpopper3.0b22, which is
> available at <ftp://ftp.qualcomm.com/eudora/servers/unix/popper/>.
>
> In addition, other users of '%s' were examined and limited applied to
> some which could theoretically cause a crash.
>
> > Message-ID: <Pine.LNX.4.10.9911301500310.26891-200000@terra.nebula.org>
> > Date: Tue, 30 Nov 1999 15:25:25 -0500
> > Reply-To: Lucid Solutions <lucid@TERRA.NEBULA.ORG>
> > Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
> > From: Lucid Solutions <lucid@TERRA.NEBULA.ORG>
> > Subject: qpop3.0b20 and below - notes and exploit
> >
> > I found this overflow myself earlier this month. Seems someone
> > else recently found it before Qualcomm was able to issue a patch. The 2.x
> > series is not vunlnerable because AUTH is not yet supported and the error
> > returned by attempting to use AUTH does not call pop_msg() with any user
> > input.
> >
> > There is also another overflow besides the AUTH overflow which can
> > occur if a valid username and password are first entered also occuring in
> > pop_msg().
> > pop_get_subcommand.c contains this line near the bottom in qpopper3.0b20:
> > pop_msg(p,POP_FAILURE,
> > "Unknown command: \"%s %s\".",p->pop_command,p->pop_subcommand);
> >
>
>
